Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-3519
routerlist.c in Tor prior to 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote malicious users to obtain sensitive information about relay selection via a timing side-channel attack.
Tor Tor
4.3
CVSSv2
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
5
CVSSv2
CVE-2006-6893
Tor allows remote malicious users to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence...
Tor Tor 0.1.1.26
5
CVSSv2
CVE-2009-2425
Tor prior to 0.2.0.35 allows remote malicious users to cause a denial of service (application crash) via a malformed router descriptor.
Tor Tor 0.2.0.35
NA
CVE-2023-41442
An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 up to and including 3.1 allows a remote malicious user to execute arbitrary code via a crafted request to the MQTT component.
Kloudq Tor Loco Min
Kloudq Tor Equip Gateway 1.0
Kloudq Tor Shield 1.0
Kloudq Tor Lenz 0.0.1
6.8
CVSSv2
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) prior to 0.2.4, during the initial run, allows man-in-the-middle malicious users to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signatur...
Tor Browser Launcher Project Tor Browser Launcher 0.2.3
5
CVSSv2
CVE-2017-8819
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INT...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-8820
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-8822
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ano...
Tor Project Tor
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2017-8821
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a pa...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »